From af061d008320a83adbea0a603bba7c663933b4d8 Mon Sep 17 00:00:00 2001
From: Timo Makinen <tmakinen@foo.sh>
Date: Fri, 12 Feb 2021 06:26:25 +0000
Subject: [PATCH] nginx/server: Validate certificate before installing

---
 roles/nginx/site/tasks/main.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/roles/nginx/site/tasks/main.yml b/roles/nginx/site/tasks/main.yml
index b66649c..d6c7cc3 100644
--- a/roles/nginx/site/tasks/main.yml
+++ b/roles/nginx/site/tasks/main.yml
@@ -38,6 +38,7 @@
     mode: 0644
     owner: root
     group: "{{ ansible_wheel }}"
+    validate: /usr/bin/openssl x509 -in %s -noout
   with_first_found:
     - "/srv/letsencrypt/live/{{ site }}/fullchain.pem"
     - "/srv/ca/certs/{{ site }}.crt"